Authentication and authorization in a wearable ensemble

ABSTRACT

Various systems and methods for authentication and authorization in a wearable ensemble are described herein. A system for authenticating a wearable device includes an access module to access a second wearable device from a first wearable device, the first and second wearable devices being worn by a wearer and the first wearable device being a trusted device to the wearer, a measurement module to measure a distance from the first wearable device to the second wearable device, and an authentication module to authenticate the second wearable device when the distance is within a threshold range of an initialized distance.

CROSS-REFERENCE TO RELATED APPLICANTS

This application is a continuation of U.S. patent application Ser. No.14/568,915, filed Dec. 12, 2014, which is incorporated by referenceherein in its entirety.

TECHNICAL FIELD

Embodiments described herein generally relate to inter-devicecommunication and in particular, to authentication and authorization ina wearable ensemble.

BACKGROUND

Wearable devices are devices designed to be worn on a body. Wearabledevices may include sensors or processing capabilities to observe thebody or other information, and provide those observations orcalculations made from those observations to people. Some modernwearable devices may communicate with each other to share information. Acollection of these wearable devices on a body may be known as a BodyArea Network (BAN). One communications mechanism for BAN devices is BodyCoupled Communication (BCC), in which the body itself serves as acommunications medium.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, which are not necessarily drawn to scale, like numeralsmay describe similar components in different views. Like numerals havingdifferent letter suffixes may represent different instances of similarcomponents. Some embodiments are illustrated by way of example, and notlimitation, in the figures of the accompanying drawings in which:

FIG. 1 is a schematic diagram illustrating an environment, according toan embodiment;

FIG. 2 is a block diagram illustrating a system for authenticating awearable device, according to an embodiment;

FIG. 3 is a flowchart illustrating a method of authenticating a wearabledevice, according to an embodiment; and

FIG. 4 is a block diagram illustrating an example machine upon which anyone or more of the techniques (e.g., methodologies) discussed herein mayperform, according to an example embodiment.

DETAILED DESCRIPTION

Systems and methods described herein provide authentication andauthorization in a wearable ensemble. Wearable devices will becomeincreasingly popular. In the near future, people may be wearing three,four, or more devices on a daily basis. Two or more devices on a personmay be interconnected to share data or data communication networks. Forexample, one device may act as a gateway device to a larger network(e.g., the Internet). With the increase in the number of devices,maintaining connections, authentication among several devices, and othermanagement become overly burdensome.

In order to address some of the authentication and management issuesdiscussed above, a wearable ensemble of multiple wearable devices may befully authenticated by first authenticating one device and then usingthat device to build out the authenticated circle of trust. The systemsand methods described herein discuss a mechanism to build out theauthenticated circle of trust based on the relative locations ordistances from the first trusted device to one or more other devices.

An example is used to illustrate a mechanism for authenticating wearabledevices. Devices are typically worn in the same place day-to-day. Forexample, people tend to wear their watch on the same wrist, orglasses-based devices are really only useful when worn on the face.Additionally, it is noted that people are generally different sizes andwith enough data points, the size and shape of a person may be roughlyunique. Using this information, the relative distances between worndevices may be used as a mechanism to verify that the devices are beingworn by the same person.

Continuing in this example, a person may put on a wearable device with auser interface, such as a watch or a glasses-based device. The user mayauthenticate the first device using a password, personal identificationnumber (PIN), biometric signature (e.g., fingerprint), or the like. Thefirst device may be authenticated with the use of an auxiliary device,such as a smartphone or a laptop device. Once the first device isauthenticated, then additional devices may be authenticated from thefirst device. An additional device may be authenticated by detectingthat its distance from the first device is within a threshold of onexpected distance between the two devices. If this condition is met, theadditional device is considered to be one that is trusted.

FIG. 1 is a schematic diagram illustrating an environment 100, accordingto an embodiment. The environment 100 includes a user 102, who iswearing a head worn wearable device 104 and a wrist-based wearabledevice 106. The user 102 also has a smartphone 108 in their pocket.Using the smartphone 108, the user 102 may authenticate the head wornwearable device 104. For example, the user 102 may authenticate to thesmartphone 108, such as by providing a PIN or swiping their finger toprovide a fingerprint. The smartphone 108 may then identify portabledevices in the immediate area and prompt the user 102 as to whether oneor more of the portable devices are known to the user 102. The user 102may then identify the head worn wearable device 104 and indicate thatthis device is a trustworthy device. Alternatively, the user 102 mayequip and use the head worn wearable device 104 to directly authenticatethe device 104 using an interface on the device 104, such as afingerprint scanner, keypad, or the like.

Once the head worn wearable device 104 is authenticated, it may continueto attempt to authenticate additional devices. In the example shown inFIG. 1, the additional device is the wrist-based wearable device 106.Communicating with the wrist-based wearable device 106, the head wornwearable device 104 may determine the approximate distance between thetwo devices 110. If the distance matches or is close (e.g., within apredefined threshold) to a previously measured distance, then theadditional device (e.g., the wrist-based wearable device 106) isconsidered to be trustworthy and is authenticated to the body areanetwork (BAN). Because the proximity distances are measured as distanceson a body, the head worn wearable device 104 may assume that thewrist-based wearable device 106 is actually being worn (e.g., on thebody) and is eligible to join the BAN.

Distance and proximity may be measured in any number of different ways.Bluetooth® includes proximity distance detection from other Bluetoothradios. Body Coupled Communication (BCC) may also be used as a proxy forthe distance between two worn devices based on conductive properties ofthe body. A round-trip time may be used as well as other mechanisms todetermine distance between two computing devices.

The distances between various devices and a master or root device may beused to “map” the devices on the user's body. For example, a user maywear a glasses-based device, a wrist-worn device, and a shoe insertdevice. The glasses-based device may be authenticated and act as thetrusted device. Authentication may be performed directly with theglasses-based device, such as with a voice-match login, a retinal scan,a PIN code, or another authentication mechanism. The glasses-baseddevice may have previously measured distances to the rest of thewearable ensemble (e.g., to the wrist-based device and the shoe insertdevice). The distances to the wrist-based device and shoe insert may beused to authenticate these devices. The distances may also be used toverify the identity of the user/wearer. For example, the distances maybe used in a mathematical function, such as a linear aggregation, toverify that the devices are being worn by the expected user based onpreviously-measured distances. Such verification may be useful inenvironments where there are multiple users. As an example, a husbandand wife may both own and use a smartwatch and a footpod. When not inuse, they may store them in a basket, where the devices may intermix.When leaving for a run, the husband may grab the correct smartwatch, buthis wife's footpod. Based on previously measured values, the root device(e.g., smartphone, glasses, smartwatch, footpod, etc.) may detect thediscrepancy and notify the husband or the wife that the husband grabbedthe wrong footpod.

The previously measured distance may be based on an initializationprocess. For example, when the user 102 first obtains the wrist-basedwearable device 106, the user 102 may be prompted to put the wrist-basedwearable device 106 on and then assume one or more poses. The user 102may be asked to stand up straight with his arms by his side, then withhis arms out, then with his arms up over his head. In each pose, thedistance from a trusted wearable device (e.g., the head worn wearabledevice 104) is obtained. Then at a later time when the user 102 equipsthe wrist-based wearable device 106, the expected distance isreferenced. The actual distance may be different based on the user'sbody position, so the expected distance may be based on detecting wherethe wearable devices are with respect to one another. For example, ifthe wrist-based wearable device 106 is detected as being above the headworn wearable device 104, then the distance measured while the user 102was in the third pose is used as the reference distance.

In some cases, the user 102 may be asked to verify that they are wearingthe additional device (e.g., wrist-based wearable device 106) or verifythe authenticity of the additional device. The user 102 may be promptedwith an audio, visual, or multimedia prompt via one or more devices,such as the smartphone 108 or the head worn wearable device 104. Theuser 102 may be asked to perform an action or activity with theadditional (e.g., suspect) wearable device, such as to move their armwith the wrist-based wearable device 106 in a certain manner (e.g., movein a large circle in front of the user's body). Another requested actionmay be for the user 102 to move the location of the wrist-based wearabledevice 106 from one wrist to another wrist. This challenge-response typeof activity may then be used to authenticate that the wrist-basedwearable device 106 is actually being worn by the user 102, as opposedto just being in close proximity to the user 102.

The use of relative distances may also be used to verify that thecorrect devices are being worn. For example, the user 102 may have aspouse with similar or the same devices. One morning, the user 102 mayinadvertently put the spouse's smartwatch on their wrist. Detecting thatthe distance is incorrect, another device (e.g., the head worn wearabledevice 104 or the smartphone 108) may notify the user 102 that a newdevice is active and attempting to join the BAN or that the user 102 iswearing an unauthorized device.

FIG. 2 is a block diagram illustrating a system 200 for authenticating awearable device, according to an embodiment. The system 200 includes anaccess module 202, a measurement module 204, and an authenticationmodule 206. The system 200 may be incorporated into a wearable device(e.g., head worn wearable device 104) or another device (e.g.,smartphone 108).

The access module may be configured to access a second wearable devicefrom a first wearable device, the first and second wearable devicesbeing worn by a wearer (e.g., user) and the first wearable device beinga trusted device to the wearer.

In an embodiment, to access the second wearable device from the firstwearable device, the access module 202 is to access the second wearabledevice with a short-range wireless telemetry protocol. The short-rangewireless protocol may be Bluetooth® Low Energy.

In an embodiment, to access the second wearable device from the firstwearable device, the access module 202 is to access the second wearabledevice with a body-coupled communication protocol. The BCC may betraditional BCC or a wave-guide BCC. Traditional BCC uses communicationpathways through both the body and the environment. Wave-guide BCC usescommunication pathways solely through the body.

The measurement module 204 may be configured to measure a distance fromthe first wearable device to the second wearable device.

In an embodiment, to measure the distance from the first wearable deviceto the second wearable device, the measurement module 204 is to transmita signal from the second wearable device to the first wearable device,measure a signal strength of the signal, and calculate the distance fromthe signal strength. The signal strength may be measured usingdirectional antennas.

In an embodiment, to measure the distance from the first wearable deviceto the second wearable device, the measurement module 204 is to transmitan initial data packet from the first wearable device to the secondwearable device, receive a response data packet from the second wearabledevice at the first wearable device, measure a round-trip time based onthe transmit time of the initial data packet and the receipt time of theresponse data packet, and calculate the distance based on the round-triptime. Other mechanisms that use round-trip time may be used.

The authentication module 206 may be configured to authenticate thesecond wearable device when the distance is within a threshold range ofan initialized distance. In an embodiment, the threshold range comprisesa percentage of the initialized distance. For example, the thresholdrange may be 5% of the initialized distance. Alternatively, thethreshold range may be a fixed measurement, such as 10 centimeters. Thethreshold range may be considered a radius around the point where theinitialized distance ends (e.g., the location of the device). So anexpected distance would be the initialized distance plus or minus thethreshold range.

In an embodiment, to authenticate the second wearable device, theauthentication module 206 is to transmit a secure key from the firstwearable device to the second wearable device. The secure key may be ashared secret (e.g., PIN, public-private key, etc.) needed to join theBAN or an external network (e.g., Wi-Fi network).

In a further embodiment, the system 200 may include an initializationmodule to set initialized distance. The initialization module may setthe initialized distance by prompting the wearer of the first and secondwearable devices to assume a position, measuring a distance between thefirst and second devices while the wearer is in the position and,setting the initialized distance as the distance between the first andsecond device. The position may be any of a various number of positions,such as standing straight with arms in a certain position, sitting,lying down, or the like. In an embodiment, the authentication module 206may verify the wearer when the distance is within a threshold range ofan initialized distance.

In a further embodiment, the system 200 may include a verificationmodule to verify that the second wearable device is associated with thefirst wearable device before authenticating the second wearable device.In an embodiment, to verify the second wearable device is associatedwith the first wearable device, the verification module is to prompt thewearer to perform an action, determine that the wearer performed theaction, and verify the second wearable device being associated with thefirst wearable device based on the determining that the wearer performedthe action. This type of challenge-response verification is useful toensure that the second wearable device is actually being worn by thewearer and is not merely in close proximity to the wearer. The actionmay be any type of action or compound actions. In an embodiment, theaction comprises moving the second wearable device in a specific manner.In an embodiment, the action comprises moving the second wearable devicefrom a first location on the wearer's body to a second location on thewearer's body.

FIG. 3 is a flowchart illustrating a method 300 of authenticating awearable device, according to an embodiment. At block 302, a secondwearable device is accessed from a first wearable device, the first andsecond wearable devices being worn by a wearer and the first wearabledevice being a trusted device to the wearer. In an embodiment, accessingthe second wearable device from the first wearable device comprisesaccessing the second wearable device with a short-range wirelesstelemetry protocol. In an embodiment, accessing the second wearabledevice from the first wearable device comprises accessing the secondwearable device with a body-coupled communication protocol

At block 304, a distance from the first wearable device to the secondwearable device is measured. In an embodiment, measuring the distancefrom the first wearable device to the second wearable device comprisestransmitting a signal from the second wearable device to the firstwearable device, measuring a signal strength of the signal, andcalculating the distance from the signal strength.

In an embodiment, measuring the distance from the first wearable deviceto the second wearable device comprises transmitting an initial datapacket from the first wearable device to the second wearable device,receiving a response data packet from the second wearable device at thefirst wearable device, measuring a round-trip time from based on thetransmit time of the initial data packet and the receipt time of theresponse data packet, and calculating the distance based on theround-trip time.

At block 306, the second wearable device is authenticated when thedistance is within a threshold range of an initialized distance. In anembodiment, the threshold range comprises a percentage of theinitialized distance. In an embodiment, authenticating the secondwearable device comprises transmitting a secure key from the firstwearable device to the second wearable device.

In a further embodiment, the initialized distance is set by promptingthe wearer of the first and second wearable devices to assume aposition, measuring a distance between the first and second deviceswhile the wearer is in the position, and setting the initializeddistance as the distance between the first and second device. In afurther embodiment, the method 300 includes verifying the wearer whenthe distance is within the threshold range of the initialized distance.For example, the distances of several devices may be initially measuredand stored, such that at a later time, when a person puts the deviceson, the person's identity can be verified using the measurements. Thisis based on the general observation that most people have distinct bodymeasurements, especially as the number of devices and correspondingmeasurements increase.

In a further embodiment, the method 300 includes verifying the secondwearable device is associated with the first wearable device beforeauthenticating the second wearable device. In an embodiment, verifyingthe second wearable device is associated with the first wearable devicecomprises prompting the wearer to perform an action, determining thatthe wearer performed the action, and verifying the second wearabledevice being associated with the first wearable device based on thedetermining that the wearer performed the action. In an embodiment, theaction comprises moving the second wearable device in a specific manner.In an embodiment, the action comprises moving the second wearable devicefrom a first location on the wearer's body to a second location on thewearer's body.

Embodiments may be implemented in one or a combination of hardware,firmware, and software. Embodiments may also be implemented asinstructions stored on a machine-readable storage device, which may beread and executed by at least one processor to perform the operationsdescribed herein. A machine-readable storage device may include anynon-transitory mechanism for storing information in a form readable by amachine (e.g., a computer). For example, a machine-readable storagedevice may include read-only memory (ROM), random-access memory (RAM),magnetic disk storage media, optical storage media, flash-memorydevices, and other storage devices and media.

Examples, as described herein, may include, or may operate on, logic ora number of components, modules, or mechanisms. Modules may be hardware,software, or firmware communicatively coupled to one or more processorsin order to carry out the operations described herein. Modules may behardware modules, and as such modules may be considered tangibleentities capable of performing specified operations and may beconfigured or arranged in a certain manner. In an example, circuits maybe arranged (e.g., internally or with respect to external entities suchas other circuits) in a specified manner as a module. In an example, thewhole or part of one or more computer systems (e.g., a standalone,client or server computer system) or one or more hardware processors maybe configured by firmware or software (e.g., instructions, anapplication portion, or an application) as a module that operates toperform specified operations. In an example, the software may reside ona machine-readable medium. In an example, the software, when executed bythe underlying hardware of the module, causes the hardware to performthe specified operations. Accordingly, the term hardware module isunderstood to encompass a tangible entity, be that an entity that isphysically constructed, specifically configured (e.g., hardwired), ortemporarily (e.g., transitorily) configured (e.g., programmed) tooperate in a specified manner or to perform part or all of any operationdescribed herein. Considering examples in which modules are temporarilyconfigured, each of the modules need not be instantiated at any onemoment in time. For example, where the modules comprise ageneral-purpose hardware processor configured using software; thegeneral-purpose hardware processor may be configured as respectivedifferent modules at different times. Software may accordingly configurea hardware processor, for example, to constitute a particular module atone instance of time and to constitute a different module at a differentinstance of time. Modules may also be software or firmware modules,which operate to perform the methodologies described herein.

FIG. 4 is a block diagram illustrating a machine in the example form ofa computer system 400, within which a set or sequence of instructionsmay be executed to cause the machine to perform any one of themethodologies discussed herein, according to an example embodiment. Inalternative embodiments, the machine operates as a standalone device ormay be connected (e.g., networked) to other machines. In a networkeddeployment, the machine may operate in the capacity of either a serveror a client machine in server-client network environments, or it may actas a peer machine in peer-to-peer (or distributed) network environments.The machine may be an onboard vehicle system, set-top box, wearabledevice, personal computer (PC), a tablet PC, a hybrid tablet, a personaldigital assistant (PDA), a mobile telephone, or any machine capable ofexecuting instructions (sequential or otherwise) that specify actions tobe taken by that machine. Further, while only a single machine isillustrated, the term “machine” shall also be taken to include anycollection of machines that individually or jointly execute a set (ormultiple sets) of instructions to perform any one or more of themethodologies discussed herein. Similarly, the term “processor-basedsystem” shall be taken to include any set of one or more machines thatare controlled by or operated by a processor (e.g., a computer) toindividually or jointly execute instructions to perform any one or moreof the methodologies discussed herein.

Example computer system 400 includes at least one processor 402 (e.g., acentral processing unit (CPU), a graphics processing unit (GPU) or both,processor cores, compute nodes, etc.), a main memory 404 and a staticmemory 406, which communicate with each other via a link 408 (e.g.,bus). The computer system 400 may further include a video display unit410, an alphanumeric input device 412 (e.g., a keyboard), and a userinterface (UI) navigation device 414 (e.g., a mouse). In one embodiment,the video display unit 410, input device 412 and UI navigation device414 are incorporated into a touch screen display. The computer system400 may additionally include a storage device 416 (e.g., a drive unit),a signal generation device 418 (e.g., a speaker), a network interfacedevice 420, and one or more sensors (not shown), such as a globalpositioning system (GPS) sensor, compass, accelerometer, or othersensor.

The storage device 416 includes a machine-readable medium 422 on whichis stored one or more sets of data structures and instructions 424(e.g., software) embodying or utilized by any one or more of themethodologies or functions described herein. The instructions 424 mayalso reside, completely or at least partially, within the main memory404, static memory 406, and/or within the processor 402 during executionthereof by the computer system 400, with the main memory 404, staticmemory 406, and the processor 402 also constituting machine-readablemedia.

While the machine-readable medium 422 is illustrated in an exampleembodiment to be a single medium, the term “machine-readable medium” mayinclude a single medium or multiple media (e.g., a centralized ordistributed database, and/or associated caches and servers) that storethe one or more instructions 424. The term “machine-readable medium”shall also be taken to include any tangible medium that is capable ofstoring, encoding or carrying instructions for execution by the machineand that cause the machine to perform any one or more of themethodologies of the present disclosure or that is capable of storing,encoding or carrying data structures utilized by or associated with suchinstructions. The term “machine-readable medium” shall accordingly betaken to include, but not be limited to, solid-state memories, andoptical and magnetic media. Specific examples of machine-readable mediainclude non-volatile memory, including but not limited to, by way ofexample, semiconductor memory devices (e.g., electrically programmableread-only memory (EPROM), electrically erasable programmable read-onlymemory (EEPROM)) and flash memory devices; magnetic disks such asinternal hard disks and removable disks; magneto-optical disks; andCD-ROM and DVD-ROM disks.

The instructions 424 may further be transmitted or received over acommunications network 426 using a transmission medium via the networkinterface device 420 utilizing any one of a number of well-knowntransfer protocols (e.g., HTTP). Examples of communication networksinclude a local area network (LAN), a wide area network (WAN), theInternet, mobile telephone networks, plain old telephone (POTS)networks, and wireless data networks (e.g., Wi-Fi, 3G, and 4G LTE/LTE-Aor WiMAX networks). The term “transmission medium” shall be taken toinclude any intangible medium that is capable of storing, encoding, orcarrying instructions for execution by the machine, and includes digitalor analog communications signals or other intangible medium tofacilitate communication of such software.

Additional Notes & Examples

Example 1 includes subject matter for authenticating a wearable device(such as a device, apparatus, or machine) comprising: an access moduleto access a second wearable device from a first wearable device, thefirst and second wearable devices being worn by a wearer and the firstwearable device being a trusted device to the wearer; a measurementmodule to measure a distance from the first wearable device to thesecond wearable device; and an authentication module to authenticate thesecond wearable device when the distance is within a threshold range ofan initialized distance.

In Example 2, the subject matter of Example 1 may include, wherein toaccess the second wearable device from the first wearable device, theaccess module is to: access the second wearable device with ashort-range wireless telemetry protocol.

In Example 3, the subject matter of any one of Examples 1 to 2 mayinclude, wherein to access the second wearable device from the firstwearable device, the access module is to: access the second wearabledevice with a body-coupled communication protocol.

In Example 4, the subject matter of any one of Examples 1 to 3 mayinclude, wherein to measure the distance from the first wearable deviceto the second wearable device, the measurement module is to: transmit asignal from the second wearable device to the first wearable device;measure a signal strength of the signal; and calculate the distance fromthe signal strength.

In Example 5, the subject matter of any one of Examples 1 to 4 mayinclude, wherein to measure the distance from the first wearable deviceto the second wearable device, the measurement module is to: transmit aninitial data packet from the first wearable device to the secondwearable device; receive a response data packet from the second wearabledevice at the first wearable device; measure a round-trip time frombased on the transmit time of the initial data packet and the receipttime of the response data packet; and calculate the distance based onthe round-trip time.

In Example 6, the subject matter of any one of Examples 1 to 5 mayinclude, wherein to authenticate the second wearable device, theauthentication module is to: transmit a secure key from the firstwearable device to the second wearable device.

In Example 7, the subject matter of any one of Examples 1 to 6 mayinclude, wherein the threshold range comprises a percentage of theinitialized distance.

In Example 8, the subject matter of any one of Examples 1 to 7 mayinclude, an initialization module to set initialized distance by:prompting the wearer of the first and second wearable devices to assumea position; measuring a distance between the first and second deviceswhile the wearer is in the position; and setting the initializeddistance as the distance between the first and second device.

In Example 9, the subject matter of any one of Examples 1 to 8 mayinclude, wherein the authentication module is to: verify the wearer whenthe distance is within the threshold range of the initialized distance.

In Example 10, the subject matter of any one of Examples 1 to 9 mayinclude, a verification module to verify the second wearable device isassociated with the first wearable device before authenticating thesecond wearable device.

In Example 11, the subject matter of any one of Examples 1 to 10 mayinclude, wherein to verify the second wearable device is associated withthe first wearable device, the verification module is to: prompt thewearer to perform an action; determine that the wearer performed theaction; and verify the second wearable device being associated with thefirst wearable device based on the determining that the wearer performedthe action.

In Example 12, the subject matter of any one of Examples 1 to 11 mayinclude, wherein the action comprises moving the second wearable devicein a specific manner.

In Example 13, the subject matter of any one of Examples 1 to 12 mayinclude, wherein the action comprises moving the second wearable devicefrom a first location on the wearer's body to a second location on thewearer's body.

In Example 13, the subject matter of any one of Examples 1 to 12 mayinclude, wherein the action comprises moving the second wearable devicefrom a first location on the wearer's body to a second location on thewearer's body.

Example 14 includes subject matter for authenticating a wearable device(such as a method, means for performing acts, machine readable mediumincluding instructions that when performed by a machine cause themachine to performs acts, or an apparatus to perform) comprising:accessing a second wearable device from a first wearable device, thefirst and second wearable devices being worn by a wearer and the firstwearable device being a trusted device to the wearer; measuring adistance from the first wearable device to the second wearable device;and authenticating the second wearable device when the distance iswithin a threshold range of an initialized distance.

In Example 15, the subject matter of Example 14 may include, whereinaccessing the second wearable device from the first wearable devicecomprises: accessing the second wearable device with a short-rangewireless telemetry protocol.

In Example 16, the subject matter of any one of Examples 14 to 15 mayinclude, wherein accessing the second wearable device from the firstwearable device comprises: accessing the second wearable device with abody-coupled communication protocol.

In Example 17, the subject matter of any one of Examples 14 to 16 mayinclude, wherein measuring the distance from the first wearable deviceto the second wearable device comprises: transmitting a signal from thesecond wearable device to the first wearable device; measuring a signalstrength of the signal; and calculating the distance from the signalstrength.

In Example 18, the subject matter of any one of Examples 14 to 17 mayinclude, wherein measuring the distance from the first wearable deviceto the second wearable device comprises: transmitting an initial datapacket from the first wearable device to the second wearable device;receiving a response data packet from the second wearable device at thefirst wearable device; measuring a round-trip time from based on thetransmit time of the initial data packet and the receipt time of theresponse data packet; and calculating the distance based on theround-trip time.

In Example 19, the subject matter of any one of Examples 14 to 18 mayinclude, wherein authenticating the second wearable device comprises:transmitting a secure key from the first wearable device to the secondwearable device.

In Example 20, the subject matter of any one of Examples 14 to 19 mayinclude, wherein the threshold range comprises a percentage of theinitialized distance.

In Example 21, the subject matter of any one of Examples 14 to 20 mayinclude, wherein the initialized distance is set by: prompting thewearer of the first and second wearable devices to assume a position;measuring a distance between the first and second devices while thewearer is in the position; and setting the initialized distance as thedistance between the first and second device.

In Example 22, the subject matter of any one of Examples 14 to 21 mayinclude, verifying the wearer when the distance is within the thresholdrange of the initialized distance.

In Example 23, the subject matter of any one of Examples 14 to 22 mayinclude, verifying the second wearable device is associated with thefirst wearable device before authenticating the second wearable device.

In Example 24, the subject matter of any one of Examples 14 to 23 mayinclude, wherein verifying the second wearable device is associated withthe first wearable device comprises: prompting the wearer to perform anaction; determining that the wearer performed the action; and verifyingthe second wearable device being associated with the first wearabledevice based on the determining that the wearer performed the action.

In Example 25, the subject matter of any one of Examples 14 to 24 mayinclude, wherein the action comprises moving the second wearable devicein a specific manner.

In Example 26, the subject matter of any one of Examples 14 to 25 mayinclude, wherein the action comprises moving the second wearable devicefrom a first location on the wearer's body to a second location on thewearer's body.

Example 27 includes at least one machine-readable medium includinginstructions, which when executed by a machine, cause the machine toperform operations of any of the Examples 14-26.

Example 28 includes an apparatus comprising means for performing any ofthe Examples 14-26.

Example 29 includes subject matter for authenticating a wearable device(such as a device, apparatus, or machine) comprising: means foraccessing a second wearable device from a first wearable device, thefirst and second wearable devices being worn by a wearer and the firstwearable device being a trusted device to the wearer; means formeasuring a distance from the first wearable device to the secondwearable device; and means for authenticating the second wearable devicewhen the distance is within a threshold range of an initializeddistance.

In Example 30, the subject matter of Example 29 may include, wherein themeans for accessing the second wearable device from the first wearabledevice comprise: means for accessing the second wearable device with ashort-range wireless telemetry protocol.

In Example 31, the subject matter of any one of Examples 29 to 30 mayinclude, wherein the means for accessing the second wearable device fromthe first wearable device comprise: means for accessing the secondwearable device with a body-coupled communication protocol.

In Example 32, the subject matter of any one of Examples 29 to 31 mayinclude, wherein the means for measuring the distance from the firstwearable device to the second wearable device comprise: means fortransmitting a signal from the second wearable device to the firstwearable device; means for measuring a signal strength of the signal;and means for calculating the distance from the signal strength.

In Example 33, the subject matter of any one of Examples 29 to 32 mayinclude, wherein the means for measuring the distance from the firstwearable device to the second wearable device comprise: means fortransmitting an initial data packet from the first wearable device tothe second wearable device; means for receiving a response data packetfrom the second wearable device at the first wearable device; means formeasuring a round-trip time from based on the transmit time of theinitial data packet and the receipt time of the response data packet;and means for calculating the distance based on the round-trip time.

In Example 34, the subject matter of any one of Examples 29 to 33 mayinclude, wherein the means for authenticating the second wearable devicecomprise: means for transmitting a secure key from the first wearabledevice to the second wearable device.

In Example 35, the subject matter of any one of Examples 29 to 34 mayinclude, wherein the threshold range comprises a percentage of theinitialized distance.

In Example 36, the subject matter of any one of Examples 29 to 35 mayinclude, wherein the initialized distance is set by: prompting thewearer of the first and second wearable devices to assume a position;measuring a distance between the first and second devices while thewearer is in the position; and setting the initialized distance as thedistance between the first and second device.

In Example 37, the subject matter of any one of Examples 29 to 36 mayinclude, means for verifying the wearer when the distance is within thethreshold range of the initialized distance.

In Example 38, the subject matter of any one of Examples 29 to 37 mayinclude, means for verifying the second wearable device is associatedwith the first wearable device before authenticating the second wearabledevice.

In Example 39, the subject matter of any one of Examples 29 to 38 mayinclude, wherein the means for verifying the second wearable device isassociated with the first wearable device comprise: means for promptingthe wearer to perform an action; means for determining that the wearerperformed the action; and means for verifying the second wearable devicebeing associated with the first wearable device based on the determiningthat the wearer performed the action.

In Example 40, the subject matter of any one of Examples 29 to 39 mayinclude, wherein the action comprises moving the second wearable devicein a specific manner.

In Example 41, the subject matter of any one of Examples 29 to 40 mayinclude, wherein the action comprises moving the second wearable devicefrom a first location on the wearer's body to a second location on thewearer's body.

The above detailed description includes references to the accompanyingdrawings, which form a part of the detailed description. The drawingsshow, by way of illustration, specific embodiments that may bepracticed. These embodiments are also referred to herein as “examples.”Such examples may include elements in addition to those shown ordescribed. However, also contemplated are examples that include theelements shown or described. Moreover, also contemplated are examplesusing any combination or permutation of those elements shown ordescribed (or one or more aspects thereof), either with respect to aparticular example (or one or more aspects thereof), or with respect toother examples (or one or more aspects thereof) shown or describedherein.

In the event of inconsistent usages between this document and thosedocuments so incorporated by reference, the usage in the incorporatedreference(s) are supplementary to that of this document; forirreconcilable inconsistencies, the usage in this document controls.

In this document, the terms “a” or “an” are used, as is common in patentdocuments, to include one or more than one, independent of any otherinstances or usages of “at least one” or “one or more.” In thisdocument, the term “or” is used to refer to a nonexclusive or, such that“A or B” includes “A but not B,” “B but not A,” and “A and B,” unlessotherwise indicated. In the appended claims, the terms “including” and“in which” are used as the plain-English equivalents of the respectiveterms “comprising” and “wherein.” Also, in the following claims, theterms “including” and “comprising” are open-ended, that is, a system,device, article, or process that includes elements in addition to thoselisted after such a term in a claim are still deemed to fall within thescope of that claim. Moreover, in the following claims, the terms“first,” “second,” and “third,” etc. are used merely as labels, and arenot intended to suggest a numerical order for their objects.

The above description is intended to be illustrative, and notrestrictive. For example, the above-described examples (or one or moreaspects thereof) may be used in combination with others. Otherembodiments may be used, such as by one of ordinary skill in the artupon reviewing the above description. The Abstract is to allow thereader to quickly ascertain the nature of the technical disclosure. Itis submitted with the understanding that it will not be used tointerpret or limit the scope or meaning of the claims. Also, in theabove Detailed Description, various features may be grouped together tostreamline the disclosure. However, the claims may not set forth everyfeature disclosed herein as embodiments may feature a subset of saidfeatures. Further, embodiments may include fewer features than thosedisclosed in a particular example. Thus, the following claims are herebyincorporated into the Detailed Description, with a claim standing on itsown as a separate embodiment. The scope of the embodiments disclosedherein is to be determined with reference to the appended claims, alongwith the full scope of equivalents to which such claims are entitled.

What is claimed is:
 1. A system for authenticating a wearable device,the system comprising: an access module to access a second wearabledevice from a first wearable device, the first and second wearabledevices being worn by a wearer and the first wearable device being atrusted device to the wearer; a measurement module to measure a distancefrom the first wearable device to the second wearable device; and anauthentication module to authenticate the second wearable device whenthe distance is within a threshold range of an initialized distance.